For the past several months, security officers at ForCorp Inc. have been investigating an
employee over the possible theft of proprietary company information. The employee is
suspected to have passed on this sensitive material to competitors via a floppy disk
found at his home. The suspect, however, claims that he did no such thing.
This was but one of the scenarios students of "Digital Forensics" (IST 600) faced during
their moot court experience on July 16 and 17. The moot court experience, which served
as the final exam for the course, required students to take the stand in the College of
Law's Bond, Schoeneck, and King Courtroom as digital forensics experts and use their
in-class examination of a disk to testify.
"Forensic scientists have always been trained using moot courts, because moot courts
are truly the final examination in life for a case," says adjunct professor Mark Pollitt,
the instructor for the course. "Scientists need to do moot courts to prepare themselves."
Pollitt, a retired FBI agent who specialized in digital forensics, has taught "Digital
Forensics" at Syracuse University for the past five years. He uses the moot court
exercise so that his students can demonstrate all of their skills as communicators,
teachers, technicians and investigators. The course was offered through the
School of
Information Studies' (iSchool) Regnier Summer Institute.
"[The moot court] is really a great motivator and a great way to synthesize what you
learn in the course," Pollitt says. "If you know as a student from day one that
everything you do is going to be under public scrutiny on the stand, then it works as a
motivator to pay attention."
Knowing the material for class and being quizzed by a professor is a challenge, but
presenting the information as an expert witness in the courtroom is a completely
different experience. One of the students said that when she was on the stand the entire
class flashed by her, Pollitt says. Another commented that he felt like half of his brain
shut down while he was testifying. Ali Al Hadwer was no different.
"I was so nervous," says Al Hadwer, an iSchool student from Saudi Arabia. "Although I
prepared very well for the moot court, I was able to learn many things from the way
Mark discussed my investigation reports. You must be professional and stick to your
report facts. I don't hesitate to say that this class gave me the knowledge necessary to
do my job as a forensic expert in the future."
"Digital Forensics" may only be a weeklong summer course, but the intensive schedule
allows Pollitt to give an overview of all of the important topics in the field, including
forensic science theory, legal issues, operating system and hardware fundamentals,
data recovery, forensic tools and examination planning design-all of which ultimately
culminates in the moot court.
"I wanted to provide a survey class that would teach IM [information management], LIS
[library and information science], and TNM [telecommunications and network
management] folks some new ways of thinking about information and how to retrieve
information in the context of criminal cases and in the context of law," Pollitt says.
Pollitt teaches from personal experience, as he was the first FBI agent to become a
computer evidence examiner in the newly formed Computer Analysis Response Team
(CART). He was then promoted to FBI headquarters, where he led the CART program
and helped it grow to a group of more than 250 examiners. In 2002, he became the
director of the FBI's Regional Computer Forensic Laboratory Program, working with
law enforcement agencies on the federal, state and local levels to build digital forensic
laboratories throughout the United States.
Pollitt says that a common problem for students is that many come into the course
thinking digital forensics is just like what they see on TV.
"'CSI' is to real forensics what 'Scrubs' is to the emergency room," Pollitt says. "What's
worse is that it creates some unrealistic expectations, which I think is sad because
there's so much good and interesting stuff that we still need to learn how to do in
forensics, not just digital forensics."
Although forensics, especially digital forensics, is very specialized, having a
background in this field may prove to be much more useful and profitable than
students may realize.
"Forensics is a very specialized subset within many of the professions you can enter
that affect the world," Pollitt says. "There are plenty of opportunities, whether in
criminal intelligence or electronic discovery."
In fact, research firm IDC recently estimated the U.S. digital forensics market to be
worth $630 million in this year alone, compared to $252 million in 2004. The
international market is expected to reach roughly $1.8 billion by 2011, Pollitt says.
As awareness about digital forensics grows, Pollitt hopes to further develop the course
to address imminent problems in the information field.
"My goals are to provide all of our students, particularly the IM majors, with an
appreciation of how forensic methodology, if not forensics itself, can help them frame
and solve some of the information security problems," Pollitt says. "I want to provide
LIS folks an opportunity to think about information in a different context than they are
used to doing, and what I want to do for all of the students is to develop an awareness
of the social implications of cyber crime and information security."
Within a week, students have gone from knowing nothing about digital forensics and
what it entails to being able to scientifically analyze data and to use this knowledge to
testify in court.
"'Digital Forensics' was an unforgettable class," Al Hadwer says. "I enjoyed every
moment in the class."
The feeling is mutual with Pollitt. "My experiences with the students in this class have
been wonderful," he says. "I'm very pleased to be able to do this here."
